277491 – 'min-content-negative-margin-crash.html' crash on WebKit ToT (instead of Timeout like STP199)

RESOLVED FIXED277491

'min-content-negative-margin-crash.html' crash on WebKit ToT (instead of Timeout like STP199)

https://bugs.webkit.org/show_bug.cgi?id=277491

Summary 'min-content-negative-margin-crash.html' crash on WebKit ToT (instead of Time...

Ahmad Saleem

Reported 2024-08-01 09:59:17 PDT

Hi Team, While doing work on css-sizing, I was running test suite and noticed that we are crashing following test now on WebKit ToT (without any change from my side - 281713@main). Test Case - https://wpt.fyi/results/css/css-sizing/min-content-negative-margin-crash.html?label=master&label=experimental&aligned&q=safari%3Atimeout Live Link - http://wpt.live/css/css-sizing/min-content-negative-margin-crash.html Just raising so we can fix. Will attach crash log on Radar. Thanks!

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2024-08-01 09:59:31 PDT

<rdar://problem/132994433>

alan

Comment 2 2024-08-01 10:34:26 PDT

0 WebCore 0x11a7bd90c WebCore::ScrollbarThemeMac::paint(WebCore::Scrollbar&, WebCore::GraphicsContext&, WebCore::IntRect const&)::$_0::operator()() const + 260 1 WebCore 0x11a7bd58c WebCore::ScrollbarThemeMac::paint(WebCore::Scrollbar&, WebCore::GraphicsContext&, WebCore::IntRect const&) + 708 2 WebCore 0x11c5253d8 WebCore::Scrollbar::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy, WebCore::RegionContext*) + 292 3 WebCore 0x11c978358 WebCore::RenderLayerScrollableArea::paintOverflowControls(WebCore::GraphicsContext&, WebCore::IntPoint const&, WebCore::IntRect const&, bool) + 860 4 WebCore 0x11a40f3d4 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 928 5 WebCore 0x11a40df4c WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 312 6 WebCore 0x11a40bfac WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1796 7 WebCore 0x11a40f258 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 548 8 WebCore 0x11c92e87c WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3704 9 WebCore 0x11c92a8a4 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 616 10 WebCore 0x11c92f308 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 6404 11 WebCore 0x11c94f728 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RegionContext*)::$_0::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const + 1036 12 WebCore 0x11c94f088 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RegionContext*) + 296 13 WebCore 0x11c950eac WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 804 14 WebCore 0x11c679868 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 232 15 WebCore 0x11b34def4 WebCore::PlatformCALayer::drawLayerContents(WebCore::GraphicsContext&, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 276 16 WebCore 0x11c69237c WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 400 17 WebKit 0x108c399d8 WebKit::RemoteLayerBackingStore::drawInContext(WebCore::GraphicsContext&) + 244 18 WebKit 0x108c4a61c WebKit::RemoteLayerWithRemoteRenderingBackingStore::createContextAndPaintContents() + 60 19 WebKit 0x108c3b810 WebKit::RemoteLayerBackingStoreCollection::paintReachableBackingStoreContents() + 616 20 WebKit 0x10900922c WebKit::RemoteLayerTreeContext::buildTransaction(WebKit::RemoteLayerTreeTransaction&, WebCore::PlatformCALayer&, WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>>) + 324 21 WebKit 0x108b5ae30 WebKit::RemoteLayerTreeDrawingArea::updateRendering() + 776

Nikos Mouchtaris

Comment 3 2025-03-25 15:25:05 PDT

Pull request: https://github.com/WebKit/WebKit/pull/43015

EWS

Comment 4 2025-03-28 13:47:27 PDT

Committed 292849@main (23f68f2f343f): <https://commits.webkit.org/292849@main> Reviewed commits have been landed. Closing PR #43015 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Nikos Mouchtaris

Reported

2024-08-01 09:59 PDT

Modified

2025-03-28 13:47 PDT History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks